Cryptography is the method of converting plaintext information into non human-readable form called ciphertext through a process called encryption, and reverse process to convert the ciphertext back to original form called decryption.
Today, knowledge in cryptography is crucial for every computer programmers and computer engineers. It is applied in everywhere in the cyberspace and it is a sin of omission if not applied properly to provide cybersecurity protection in the areas of confidentiality, integrity, authentication, and non-repudiation.
Cryptography is the integral part of blockchains and crypto-currencies such as Bitcoin, Ethereum, etc. It is used to secure data transmission in WiFi communication, 4G LTE network, HTTPS web access, etc. It is also extensively used to secure file system in Apple iOS, Windows Bitlocker, SSD encryption, etc. It enables the implementation of digital signature.
Cryptography makes use of digital key(s) to perform the encryption and decryption process. There is one kind of cryptography called hashing which does not make use of any key, and the ciphertext is non-reversible to original information.
Keyless Cryptography (Hashing)
Hashing is a one way function that convert its input message into irreversible string of text called hash or digest, which normally has a length much shorter than the input message. The key concept of hashing is that the generated digest is unique to the input message, so that same input message will always generate the same digest, and different input message will not generate the same digest.
Hashing is commonly used:
- To store password for identity authentication
- To generate checksum or fingerprint to verify if the original information has not been tampered or changed
- In database and data storage for more efficient data searching
- In computer geometrics and computer graphics
Examples of hashing function are:
- MD5 (Message Digest 5) - designed to replace earlier version of MD2 and MD4. Still commonly used despite MD6 has been around to replace it.
- SHA-3 (Secure Hash Algorithm 3) - winner of the NIST hash function competition. Commonly used in digital certificates. Supersedes earlier version of SHA-0, SHA-1 and SHA-2.
- BLAKE2 - Used in RAR compressed file checksum. Supersedes earlier version of BLAKE.
Symmetric Key Cryptography (Private Key Cryptography)
The same private key is used for message encryption and decryption.
It is commonly used in secured data transmission, such as SSH, WiFi with password, 4G LTE communication, etc.
Examples of symmetric key cryptography are:
- DES (Data Encryption Standard) - designed by IBM in 1970's. Modern supercomputer is able to decrypt DES encrypted information within just a few days. Still commonly used in smart cards, SIM cards, etc.
- 3DES (Triple DES) - more secure version of DES.
- IDEA (International Data Encryption Algorithm) - commonly used in Pretty Good Privacy (PGP) email signing and secured email transfer.
- ThreeFish - is the successor of Blowfish and TwoFish. Commonly used in SSH secured remote access.
- RC6 (Rivest cipher 6) - designed by RSA Security, patent just expired in 2017. Commonly used for secured data transmission and in bank ATM machines. Is the successor of RC2, RC4, RC5.
- AES (Advanced Encryption Standard) - commonly used by USA government and commercial sector to protect top secret documents.
Asymmetric Key Cryptography (Public Key Cryptography)
Consists of a key pair. The private key that should be kept secret with the owner, and the public key that needs to be known by others.
In the scenario of digital signing, the private key is used to sign the digital document, and the public key is used to verify the digital signature.
In the scenario of data encryption, the public key is used to encrypt the document to be sent to the private key owner, and the encrypted document can only be decrypted using the corresponding private key.
It is commonly used in Secure Socket Layer (SSL), Transport Layer Security (TLS), S/MIME, digital signature, blockchains and crypto-currencies.
Examples of asymmetric key cryptography are:
- RSA (Rivest-Shamir-Adleman) - named after its 3 designers. Patent expired in 2000. Compared with DSA, it is slower in digital signing and faster in verification.
- DSA (Digital Signature Algorithm) - patented but can be used royalty free. Commonly used in SSH and digital signature. Compared with RSA, it is faster in digital signing and slower in verification.
- ECC (Elliptic Curve Cryptography) - derived from DSA and based on Elliptic Curves theory. Commonly used in Bitcoin, Ethereum, iOS, etc.
- Diffie-Hellman - is used for public key exchange and not for digital signing or data encryption.